[#131] Update docs

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-26 10:48:09 +03:00 · 2023-06-26 10:48:09 +03:00 · 2cbe3b9a27
commit 2cbe3b9a27
parent c588d485fa
2 changed files with 38 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -27,6 +27,7 @@ This document outlines major changes between releases.
 - Support dump metrics descriptions (#80)
 - Support impersonate bearer token (#81)
 - Return bearer token in `s3-authmate obtain-secret` result (#132)
+- Add `s3-authmate update-secret` command (#131)

 ### Changed
 - Remove object from tree and reset its cache on object deletion when it is already removed from storage (#78)
--- a/docs/authmate.md
+++ b/docs/authmate.md
@ -26,6 +26,7 @@ potentially).
   4. [Containers policy](#containers-policy)
 3. [Obtainment of a secret](#obtaining-credential-secrets)
 4. [Generate presigned url](#generate-presigned-url)
+5. [Update secrets](#update-secret)

 ## Generation of wallet

@ -334,3 +335,39 @@ $ aws s3 --endpoint http://localhost:8084 presign s3://pregigned/obj

 http://localhost:8084/pregigned/obj?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=6UpmiuYspPLMWfyhEKYmZQSsTGkFLS5MhQVdsda3fhz908Hw9eo9urTmaJtfvHMHUpY8SWAptk61bns2Js8f1M5tZ%2F20220615%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20220615T072348Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=b82c13952534b1bba699a718f2d42d135c2833a1e64030d4ce0e198af46551d4
 ```
+
+## Update secret
+You can extend list of s3 gates that can accept already issued credentials.
+To do this use `frostfs-s3-authmate update-secret` command:
+
+**Required parameters:**
+* `--wallet` is a path to a user wallet `.json` file. You can provide a passphrase to decrypt
+  a wallet via environment variable `AUTHMATE_WALLET_PASSPHRASE`, or you will be asked to enter a passphrase
+  interactively. You can also specify an account address to use from a wallet using the `--address` parameter.
+* `--gate-wallet` is a path to a gate wallet `.json` file (need to decrypt current access box version). You can provide a passphrase to decrypt
+  a wallet via environment variable `AUTHMATE_WALLET_GATE_PASSPHRASE`, or you will be asked to enter a passphrase
+  interactively. You can also specify an account address to use from a wallet using the `--gate-address` parameter.
+* `--peer` is an address of a FrostFS peer to connect to
+* `--gate-public-key` is a  public `secp256r1` 33-byte short key of a gate (use flags repeatedly for multiple gates).
+* `--access-key-id` is a credential id to update.  
+
+```shell
+$ frostfs-s3-authmate update-secret --wallet wallet.json --gate-wallet s3-wallet.json \
+ --peer 192.168.130.71:8080 \
+ --gate-public-key 0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf \
+ --gate-public-key 0317585fa8274f7afdf1fc5f2a2e7bece549d5175c4e5182e37924f30229aef967 \
+ --gate-public-key 0223450b9db6d0c083e9c6de1f7d8fd22858d70829e09afa39828bb2416bf190fc \
+ --access-key-id HwrdXgetdGcEWAQwi68r1PMvw4iSm1Y5Z1fsFNSD6sQP04QomYDfYsspMhENEDhzTGwGxm86Q6R2Weugf3PG4sJ3M
+
+Enter password for wallet.json >
+Enter password for s3-wallet.json >
+
+{
+  "initial_access_key_id": "HwrdXgetdGcEWAQwi68r1PMvw4iSm1Y5Z1fsFNSD6sQP04QomYDfYsspMhENEDhzTGwGxm86Q6R2Weugf3PG4sJ3M",
+  "access_key_id": "HwrdXgetdGcEWAQwi68r1PMvw4iSm1Y5Z1fsFNSD6sQP0xXf1ahGndNkydG9MrL9WmCebrPwdSHTAysQa9w6yCNJ",
+  "secret_access_key": "f6a65481fd2752e69e4aa80a6fdcad70cfbf8304d2b3b8c2f9c15212aeee3ae7",
+  "owner_private_key": "7f40233893e4f4a54e4f2f52455a0e6d563f7eb0233a985094937ed69faef681",
+  "wallet_public_key": "031a6c6fbbdf02ca351745fa86b9ba5a9452d785ac4f7fc2b7548ca2a46c4fcf4a",
+  "container_id": "HwrdXgetdGcEWAQwi68r1PMvw4iSm1Y5Z1fsFNSD6sQP"
+}
+```